authorThibaut Horel <thibaut.horel@gmail.com>2018-12-27 20:31:01 -0500
committerThibaut Horel <thibaut.horel@gmail.com>2018-12-27 20:31:01 -0500
commit08a5afd311e918f89d0d6ef955a3b1dbbe38713a (patch)
tree526de27968f4f4eec3b476cb306236f763126251 /main.go
parent0adcee59a57178dc7706a43a15aa5b90fe1cb1ee (diff)
downloadid-08a5afd311e918f89d0d6ef955a3b1dbbe38713a.tar.gz
Login: WIP
Diffstat (limited to 'main.go')
-rw-r--r--main.go8
1 files changed, 7 insertions, 1 deletions
diff --git a/main.go b/main.go
index 5317ffa..b459324 100644
--- a/main.go
+++ b/main.go
@@ -1,6 +1,9 @@
package main
import (
+ "crypto/md5"
+ "crypto/subtle"
+ "encoding/hex"
"html/template"
"log"
"net/http"
@@ -45,8 +48,11 @@ func (app *App) loginHandler(w http.ResponseWriter, r *http.Request) {
} else {
username := r.Form.Get("username")
password := r.Form.Get("password")
+ hash := md5.Sum([]byte(password))
+ dst := make([]byte, hex.EncodedLen(md5.Size))
+ hex.Encode(dst, hash[:])
u, ok := app.GetUser(username)
- if ok && (u.Password == password) {
+ if ok && subtle.ConstantTimeCompare(u.Password, dst) == 1 {
} else {
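Review bot: The added lines in loginHandler verify the password as a single unsalted MD5 digest (`md5.Sum([]byte(password))`, hex-encoded and compared with `u.Password`), which is too fast and unsalted for password storage: a leaked user store can be brute-forced offline, and equal passwords produce equal stored values. A dedicated password hash such as bcrypt from `golang.org/x/crypto/bcrypt` would fit here, e.g. `if ok && bcrypt.CompareHashAndPassword(u.Password, []byte(password)) == nil {`, and would make the `crypto/md5`, `encoding/hex` and `crypto/subtle` imports added in the first hunk unnecessary; it is a new dependency and implies re-hashing the stored passwords. `subtle.ConstantTimeCompare` takes byte slices, so `u.Password` has presumably become `[]byte` somewhere outside this diff. The `ok && …` short-circuit also skips the comparison for unknown usernames, so response time may still distinguish an unknown user from a wrong password. loginHandler begins and continues outside the hunk.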